substitute a schema
by paulo bruck
Hi Guys
I developed a simple schema and now I would like to substitute the actual
schema for another one with the same attributes and objectclass + other
attributes and objectclass.
See, it's a superset of the previous one...
I have already tried using:
ldapdelete -Y EXTERNAL -H ldapi:/// cn={6}squid,cn=schema,cn=config
but received a:
ldap_delete: Server is unwilling to perform (53)
Doing it by hand worked (stopping ldap, substituting cn=squid with the new
one and restarting ldap), but I know that is not correct...
How can I do it using ldapdelete ?
best regards
11 years, 2 months
Re[8]: Searching few domains for one uid
by kefast@o2.pl
> --On Friday, July 13, 2012 10:12 AM +0200 kefast(a)o2.pl wrote:
>>
>>> --On Thursday, July 12, 2012 11:16 AM +0200 kefast(a)o2.pl wrote:
>>
>>
>>>>
>>>> I've got 3 databases on a server
>>>> dc=a,dc=com
>>>> dc=b,dc=com,dc=de
>>>> dc=c,dc=com,dc=fr
>>>>
>>>> When on a client side I pointed BASE ""
>>>> the server says:
>>>> slapd[13330]: do_search: invalid dn ("")
>>>>
>>>> Should I reconfigure my database maybe and set dn to "" ?
>>>> If yes how should the root dn look like ?
>>>> dn: ""
>>>> dc: ""
>>>> objectClass: top
>>>> objectClass: domain
>>>> structuralObjectClass: domain
>>
>>> The easiest thing to do is to create a single database, with a root of
>>> "". You don't need to create an entry for "" itself, as it is inherent
>>> to the openldap directory server.
>>
>>> First entry would (in your case) likely be for dn: dc=com
>>
>>> dn: dc=com
>>> objectClass: organization
>>> objectClass: dcObject
>>> o: com domain
>>> dc: com
>>
>>
>>> --Quanah
>>
>>
>>> --
>>
>>> Quanah Gibson-Mount
>>> Sr. Member of Technical Staff
>>> Zimbra, Inc
>>> A Division of VMware, Inc.
>>> --------------------
>>> Zimbra :: the leader in open source messaging and collaboration
>>
>>
>> But in my case not all of my domains finish on .com in the end.
>> So beside a.com I've got b.com.de and b.com.fr, so in that case I'm
>> not sure the root "com" would do, so maybe making root as .corp and then
>> a.com.corp, b.com.de.corp, c.com.fr.corp.
>> And one more thing, is that statement which combines all parts of a
>> domain in one dc would be ok ?
>> dn="ou=People,dc=b.com.de,dc=corp"
>> Wouldn't it spoil something ?
> You are missing the point of using "". ;) The point of using "" is that
> you can store any and all domains in the same database.
> In your case, if you have .de and .fr, then create entries for them too:
> dn: dc=com
> objectClass: organization
> objectClass: dcObject
> o: com domain
> dc: com
> dn: dc=de
> objectClass: organization
> objectClass: dcObject
> o: de domain
> dc: de
> dn: dc=com, dc=de
> objectClass: organization
> objectClass: dcObject
> o: com.de domain
> dc: com
> dn: dc=fr
> objectClass: organization
> objectClass: dcObject
> o: fr domain
> dc: fr
> dn: dc=com, dc=fr
> objectClass: organization
> objectClass: dcObject
> o: com.fr domain
> dc: com
> etc.
> You could even create:
> dn: cn=IamWildAndCrazy
> objectClass: organizationalRole
> description: Insane entry
> cn: IamWildAndCrazy
> --Quanah
> --
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
Ok, thanx, I do understand that, but my point is, where I can put
those "" in configuration files ? On a client side set BASE "" and in
slapd.conf
database bdb
suffix ""
rootdn "cn=admin"
?
How precisely to set config files (client, server) to search for all of
those domains You listed.
--
Regards,
kefast(a)o2.pl
11 years, 2 months
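The parent entries listed in the quoted reply above (dc=com, dc=de, dc=com,dc=de and so on) can be generated for any set of domains. This is an added example, not part of the thread; the function names `skeleton_entries` and `to_ldif` are hypothetical, and it assumes a single database whose suffix is "" as the reply describes.

```python
import re

# Plain DNS labels only: nothing here can need RFC 4514 DN escaping.
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def skeleton_entries(domains):
    """Return (dn, attrs) pairs for every level from the TLD down to each
    domain, de-duplicated and ordered so parents precede children."""
    entries = {}
    for domain in domains:
        labels = domain.lower().strip(".").split(".")
        for label in labels:
            if not LABEL.match(label):
                raise ValueError(f"not a plain DNS label: {label!r}")
        # depth 1 is the TLD (dc=de), depth 2 is dc=com,dc=de, and so on
        for depth in range(1, len(labels) + 1):
            part = labels[-depth:]
            dn = ",".join(f"dc={l}" for l in part)
            entries.setdefault(dn, {
                "objectClass": ["organization", "dcObject"],
                "o": ".".join(part) + " domain",
                "dc": part[0],
            })
    # ldapadd rejects a child whose parent does not exist yet, so sort by depth
    return sorted(entries.items(), key=lambda item: item[0].count(","))


def to_ldif(entries):
    """Render the entries as LDIF text, one blank line between entries."""
    blocks = []
    for dn, attrs in entries:
        lines = [f"dn: {dn}"]
        lines += [f"objectClass: {oc}" for oc in attrs["objectClass"]]
        lines += [f"o: {attrs['o']}", f"dc: {attrs['dc']}"]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    # The three domains from the thread
    print(to_ldif(skeleton_entries(["a.com", "b.com.de", "c.com.fr"])))
```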
olcSubordinate versus Chaining
by Warren Howard
Dear all,
I'm setting up a replicated directory service, so far I have a single
provider and a single consumer with Syncrepl in refreshOnly mode. The
consumer is a complete shadow copy of the provider, ldap clients can
read from the consumer but not write to the consumer because it is a
shadow copy. Next I would like to "refer" ldap clients that wish to write
to the consumer to the provider. Based on the notes here:
http://www.openldap.org/doc/admin24/referrals.html, I would like to know how
to do this by using the olcSubordinate keyword. I've read the
olcSubordinate section in the slapd-config man page and I don't see a way
forward and I'm not even sure that using olcSubordinate is the correct
approach, since the steps described in
http://www.openldap.org/doc/admin24/overlays.html#Chaining appear more
relevant to the setup I'm attempting.
Any guidance much appreciated.
Regards,
Warren.
11 years, 2 months
modifying network timeout behavior of ldap clients
by Ryan Palamara
I am running several CentOS servers that have 2 ldap servers defined. I would like to modify the ldap network timeout, so that if the first ldap server listed goes down entirely, that it will go to the next server quickly.
I know that the setting will be LDAP_OPT_NETWORK_TIMEOUT, but I am not sure when this change is made. Can this be done in the ldap.conf file, or is it done elsewhere?
Thank you,
Ryan Palamara
ZAIS Group, LLC
2 Bridge Avenue, Suite 322
Red Bank, New Jersey 07701
Phone: (732) 450-7444
Ryan.palamara(a)zaisgroup.com
11 years, 2 months
Re[6]: Searching few domains for one uid
by kefast@o2.pl
> --On Thursday, July 12, 2012 11:16 AM +0200 kefast(a)o2.pl wrote:
>>
>> I've got 3 databases on a server
>> dc=a,dc=com
>> dc=b,dc=com,dc=de
>> dc=c,dc=com,dc=fr
>>
>> When on a client side I pointed BASE ""
>> the server says:
>> slapd[13330]: do_search: invalid dn ("")
>>
>> Should I reconfigure my database maybe and set dn to "" ?
>> If yes how should the root dn look like ?
>> dn: ""
>> dc: ""
>> objectClass: top
>> objectClass: domain
>> structuralObjectClass: domain
> The easiest thing to do is to create a single database, with a root of "".
> You don't need to create an entry for "" itself, as it is inherent to the
> openldap directory server.
> First entry would (in your case) likely be for dn: dc=com
> dn: dc=com
> objectClass: organization
> objectClass: dcObject
> o: com domain
> dc: com
> --Quanah
> --
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
But in my case not all of my domains finish on .com in the end.
So beside a.com I've got b.com.de and b.com.fr, so in that case I'm
not sure the root "com" would do, so maybe making root as .corp and then
a.com.corp, b.com.de.corp, c.com.fr.corp.
And one more thing, is that statement which combines all parts of a
domain in one dc would be ok ?
dn="ou=People,dc=b.com.de,dc=corp"
Wouldn't it spoil something ?
--
Regards,
kefast(a)o2.pl
11 years, 2 months
Re[4]: Searching few domains for one uid
by kefast@o2.pl
Hello Quanah,
In your message dated 12 July 2012 (10:58:52) one can read:
> --On Thursday, July 12, 2012 10:55 AM +0200 kefast(a)o2.pl wrote:
>>
>> Thanx for Your response, and I'm sorry, cause I didn't catch that.
>> Do You mean I should set var in ldap.conf on a client to
>> BASE "dc=a,dc=com dc=b,dc=com,dc=de dc=c,dc=com,dc=fr" ?
> Please keep your reply on the list.
> You should use a base of "", which is the root base. On your LDAP server
> too. Then everything is stored under "", and any search of "" for uid will
> return all entries below it.
> If this was a file system, "" would be equivalent to /
> --Quanah
> --
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
I've got 3 databases on a server
dc=a,dc=com
dc=b,dc=com,dc=de
dc=c,dc=com,dc=fr
When on a client side I pointed BASE ""
the server says:
slapd[13330]: do_search: invalid dn ("")
Should I reconfigure my database maybe and set dn to "" ?
If yes how should the root dn look like ?
dn: ""
dc: ""
objectClass: top
objectClass: domain
structuralObjectClass: domain
--
Regards,
kefast(a)o2.pl
11 years, 2 months
Binlogs Growing unlimited
by Thomas Spycher
Hi
We are maintaining a huge LDAP Directory with x thousand records. This OpenLDAP instance is only for load and performance tests of our software. I've recently noticed that the bin logs of the bdb backend are growing nearly unlimited. (The LDAP Server gets replicated to another one in an active/passive cluster).
To gain the "wasted" space back, we're writing the bin logs back to the main database every 24 hours. Now we are faced with an ldap server which can only read from its database. After a restart of the server everything works as expected but the same happens again irregularly...
My Questions are:
1. what could happen with the server, which makes it only being able to read of its own db?
2. why are the bin logs growing so dramatically?
Thanks for any help
Tom
11 years, 2 months
Re: Re[2]: Searching few domains for one uid
by Quanah Gibson-Mount
--On Thursday, July 12, 2012 10:55 AM +0200 kefast(a)o2.pl wrote:
>
> Thanx for Your response, and I'm sorry, cause I didn't catch that.
> Do You mean I should set var in ldap.conf on a client to
> BASE "dc=a,dc=com dc=b,dc=com,dc=de dc=c,dc=com,dc=fr" ?
Please keep your reply on the list.
You should use a base of "", which is the root base. On your LDAP server
too. Then everything is stored under "", and any search of "" for uid will
return all entries below it.
If this was a file system, "" would be equivalent to /
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
11 years, 2 months
Searching few domains for one uid
by kefast@o2.pl
Hello,
I've got 3 domains (departments), for example:
a.com
b.com.de
c.com.fr
and each of them has its own
posixAccount users (moved from nis).
I want every user in each department to be able to login with his
credentials, localized under people.$(domainname) to machines under
all domains, but as far as I know, You can't search for uid or anything else in more than one
domain, cause a BASE attrib in ldap.conf accepts only one search base.
Is the only way to do this to change the schema to:
a.com.corp
b.com.de.corp
c.com.fr.corp
and set the search base to dc=corp ?
I've also read about setting base to config and put it there.
--
Regards,
kefast(a)o2.pl
11 years, 2 months
RE: Setting up multiple proxies on openldap 2.4.23
by Bhargav Mistry
Gentle bump !
From: Bhargav Mistry
Sent: Friday, July 06, 2012 6:43 PM
To: openldap-technical(a)openldap.org
Subject: Setting up multiple proxies on openldap 2.4.23
Hi,
I am trying to configure multiple proxies so that the ldap master can push data to more than one proxy server. My olcDatabase={3}ldap.ldif file looks like this:
dn: olcDatabase={3}ldap
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {3}ldap
olcHidden: TRUE
olcSuffix: dc=amdocs,dc=com
olcRootDN: cn=ldap,dc=amdocs,dc=com
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
structuralObjectClass: olcLDAPConfig
entryUUID: c7d2672e-5c10-1031-9a08-0f8186de202c
creatorsName: cn=config
createTimestamp: 20120706234807Z
olcSyncrepl:: <syncrepl entry here>
olcDbACLBind: bindmethod=simple timeout=0 network-timeout=0 binddn="cn=Manager,dc=something,dc=com" credentials="secret"
olcDbURI: ldap://proxy-1.server.com
entryCSN: 20120707001006.061485Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20120707001006Z
With this configuration it is currently pushing only to proxy-1.server.com,
how do I add more than one olcDbURI values so that it can push to multiple servers?
Thanks.
Bhargav.
11 years, 2 months